PHP users are warned of a bug

USERS OF the web scripting language PHP have been warned not to download the latest version after the discovery of faulty components that could pose a security risk.

According to The INQUIRER's sister IT news web site V3.co.uk, the PHP Group has warned against installing the 5.3.7 update and recommends waiting for PHP 5.3.8 later this week. The security organisation Sans Institute is also advising users to hold off on updating PHP.

This is because the 5.3.7 update contains a faulty encryption component that is unable to properly encrypt data. The flaw prevents the full encryption and proper handling of MD5 encoded data. It is considered serious enough to warrant bypassing the 5.3.7 release.

The PHP 5.3.7 build was released on 18 August, containing 90 bug fixes and performance enhancements as well as at least six security updates. The update was the largest for PHP since the March 2011 release of version 5.3.6. µ